l_lefty

  1. Hi, My friend had to take off with the computer again, so I no longer have it here. But before that I did as you said, and with an updated anti-malware scan and fix that box disappeared. Great! I may visit him soon, though, and will take a look at the computer then. Maybe I can post an HJT log here then. But many thanks, Malou, for your help. I don't know how I can thank you enough. I'll think about it a bit and get back to you when I've come up with something. Take care in the meantime! Regards, L
  2. Hi again, I don't think it's Symantec that is flagging Trojan-Keylogger Win32 Fung. It looks like a Windows window and is called Windows Security Alert. I have now updated Malwarebytes Anti-Malware and run it. Found two errors that I removed. Then I ran a new TM HJT and am pasting that log below. But first the log from Malwarebytes Anti-Malware:

     Malwarebytes' Anti-Malware 1.30
     Databasversion: 1371
     Windows 5.1.2600 Service Pack 2

     2008-11-07 17:25:20
     mbam-log-2008-11-07 (17-25-20).txt

     Skanningstyp: Snabb skanning
     Antal skannade objekt: 70705
     Förfluten tid: 8 minute(s), 51 second(s)

     Infekterade minnesprocesser: 0
     Infekterade minnesmoduler: 0
     Infekterade registernycklar: 0
     Infekterade registervärden: 1
     Infekterade registerdataposter: 0
     Infekterade mappar: 0
     Infekterade filer: 1

     Infekterade minnesprocesser:
     (Inga illasinnade poster hittades)

     Infekterade minnesmoduler:
     (Inga illasinnade poster hittades)

     Infekterade registernycklar:
     (Inga illasinnade poster hittades)

     Infekterade registervärden:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asus32 (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.

     Infekterade registerdataposter:
     (Inga illasinnade poster hittades)

     Infekterade mappar:
     (Inga illasinnade poster hittades)

     Infekterade filer:
     C:\Documents and Settings\Mattias Bergström\Application Data\Google\mupd1_2_12916358.exe (Rogue.PersonalDefender2009) -> Delete on reboot.
     And then HJT:
  3. Yes, it was a bit silly that it turned out that way, but no hard feelings. I did as you said, and below is the new version:
  4. And now the latest TM HJT log:
  5. Hi, Sorry I've been away so long without writing anything or even thanking you properly. My friend came home and took off with the computer again for quite a while. He is back now, though, and says the computer is still a bit buggy. So I got it back to try to fix it, and now I'm asking for help again. I have read through the thread, and in the latest post I got some further instructions that I was never able to complete. But now I have sorted that out and made a SmitFraudFix log, which I am pasting below. I have also asked about Yahoo, and my buddy has no memory of installing anything like that. I have also made a TM HJT log, which I am pasting in. One problem with the computer, my buddy says, is that a Windows Security Alert box keeps popping up with a warning text. It says:

     Do you want to block this suspicious software?
     Name: Trojan-Keylogger Win32 Fung
     Risk level: High
     Description: Fung is a spyware program that records Keystrokes and take screen shots of the computer, stealing personal financial information

     I'm grateful for any help I can get.
Regards, L First, the SmitFraudFix log:
SmitFraudFix v2.366 Scan done at 10:58:41,46, 2008-11-07 Run from C:Documents and SettingsMattias BergstrmDesktopDatorFixSmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32Ati2evxx.exe C:Program FilesCommon FilesSymantec SharedccSetMgr.exe C:WINDOWSExplorer.EXE C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32spoolsv.exe C:AcerEmpowering TechnologyePerformanceMemCheck.exe C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe C:WINDOWSeHomeehRecvr.exe C:WINDOWSeHomeehSched.exe C:Program FilesJavajre6binjqs.exe C:Program FilesCommon FilesLightScribeLSSrvc.exe C:Program FilesNorton AntiVirusnavapsvc.exe C:Program FilesNorton AntiVirusIWPNPFMntor.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32wscntfy.exe C:WINDOWSsystem32dllhost.exe C:WINDOWSsystem32wbemwmiapsrv.exe C:WINDOWSehomeehtray.exe C:WINDOWSeHomeehmsas.exe C:WINDOWSRTHDCPL.EXE C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe C:AcerEmpowering TechnologyePowerePower_DMC.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:PROGRA~1LAUNCH~1LManager.exe C:AcerEmpowering TechnologyeRecoveryeRAgent.exe C:Program FilesCommon FilesSymantec SharedccApp.exe C:WINDOWSVM305_STI.EXE C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe C:WINDOWSsystem32rundll32.exe C:Program FilesATI TechnologiesATI.ACECLI.EXE C:Program
FilesQuickTimeqttask.exe C:Program FilesJavajre6binjusched.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSSystem32svchost.exe C:Program FilesMSN MessengerMsnMsgr.Exe C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:WINDOWSsystem32driverssvchost.exe C:Documents and SettingsMattias BergströmApplication DataGooglemupd1_2_12916358.exe C:WINDOWSsystem32wbemunsecapp.exe C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe C:Program FilesNikonPictureProjectNkbMonitor.exe C:WINDOWSsystem32wuauclt.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:Program FilesWindows Media Playerwmplayer.exe C:Program FilesInternet Exploreriexplore.exe C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe C:Program FilesMessengermsmsgs.exe C:Documents and SettingsMattias BergströmDesktopDatorFixSmitfraudFixPolicies.exe C:WINDOWSsystem32cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C: »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32 C:WINDOWSsystem32driverssvchost.exe FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias Bergstrm »»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias BergstrmApplication Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1MATTIA~1FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! 
IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, following keys are not inevitably infected!!! AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] "Userinit"="C:WINDOWSsystem32userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Atheros AR5005G Wireless Network Adapter - Packet Scheduler Miniport DNS Server Search Order: 192.168.1.1 HKLMSYSTEMCCSServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS1ServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS2ServicesTcpip..{E95BFD27-4B33-4642-97EA-536DEE4604EB}: DhcpNameServer=192.168.1.1 HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS2ServicesTcpipParameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  6. Hi again, I have now tried to split up the SmitFraud log, but it would take an insane number of posts. I am improvising a bit and only including the first and last parts, because in between there are just a huge number of lines: 127.0.0.1 www.00hq.com
SmitFraudFix v2.366 Scan done at 16:55:54,95, 2008-10-27 Run from D:SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com .......... .. 127.0.0.1 zxlinks.com 127.0.0.1 www.zxlinks.com 127.0.0.1 zyban-zocor-levitra.com »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLMSYSTEMCCSServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS1ServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS2ServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1 HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS2ServicesTcpipParameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End
  7. The HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:19:46, on 2008-10-27 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32Ati2evxx.exe C:Program FilesCommon FilesSymantec SharedccSetMgr.exe C:WINDOWSExplorer.EXE C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32spoolsv.exe C:AcerEmpowering TechnologyePerformanceMemCheck.exe C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe C:WINDOWSeHomeehRecvr.exe C:WINDOWSeHomeehSched.exe C:Program FilesJavajre6binjqs.exe C:Program FilesCommon FilesLightScribeLSSrvc.exe C:Program FilesNorton AntiVirusnavapsvc.exe C:Program FilesNorton AntiVirusIWPNPFMntor.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32wbemwmiapsrv.exe C:WINDOWSsystem32wscntfy.exe C:WINDOWSsystem32dllhost.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSehomeehtray.exe C:WINDOWSeHomeehmsas.exe C:WINDOWSSystem32svchost.exe C:WINDOWSRTHDCPL.EXE C:WINDOWSsystem32wuauclt.exe C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe C:AcerEmpowering TechnologyePowerePower_DMC.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:PROGRA~1LAUNCH~1LManager.exe C:AcerEmpowering TechnologyeRecoveryeRAgent.exe C:Program FilesCommon FilesSymantec SharedccApp.exe C:WINDOWSVM305_STI.EXE C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe C:WINDOWSsystem32rundll32.exe C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesJavajre6binjusched.exe C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:WINDOWSsystem32wbemunsecapp.exe C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe C:Program FilesNikonPictureProjectNkbMonitor.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:Program FilesMessengermsmsgs.exe C:Program FilesTrend MicroHijackThislinus.exe R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/ R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:WINDOWSsystem32eDStoolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton AntiVirusNavShExt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe O4 - HKLM..Run: [iMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM..Run: [skyTel] SkyTel.EXE O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 1 O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe O4 - HKLM..Run: [boot] C:AcerEmpowering TechnologyePowerBoot.exe O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe" O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe O4 - HKLM..Run: [ccApp] "C:Program FilesCommon 
FilesSymantec SharedccApp.exe" O4 - HKLM..Run: [bigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe" O4 - HKLM..Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000 O8 - Extra context menu item: Skicka till &Bluetooth-enhet... 
- c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/229?8543bdd187e14a409a4bce25c896c274 O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/230?8543bdd187e14a409a4bce25c896c274 O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec 
SharedCCPD-LCsymlcsvc.exe -- End of file - 12558 bytes
  8. SD-fix log: SDFix: Version 1.238 Run by Mattias on 2008-10-27 at 18:57 Microsoft Windows XP [Version 5.1.2600] Running From: C:SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat - Contains Links to Malware Sites! - Deleted C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat - Contains Links to Malware Sites! - Deleted C:Documents and SettingsMattias BergstrmApplication DataAdobecrc.dat - Deleted C:Documents and SettingsMattias BergstrmApplication DataAdobePlayer.exe.bak - Deleted C:WINDOWSantiv.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-27 19:04:53 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLMSoftwareMicrosoftWindowsCurrentVersionRun BigDog305 = C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?????????????? scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist] "%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:Program FilesMessengerMSMSGS.EXE"="C:Program FilesMessengerMSMSGS.EXE:*:Enabled:Windows Messenger" "C:Program FilesMSN Messengermsncall.exe"="C:Program FilesMSN Messengermsncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"="C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"="C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"="C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour" [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist] "%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:Program FilesMSN Messengermsncall.exe"="C:Program FilesMSN Messengermsncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - 
C:SDFixbackupsbackups.zip Files with Hidden Attributes : Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTICDMK7.dll" Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTIMP3.dll" Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTIMPEG2.dll" Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTIFCD3.dll" Mon 26 Jun 2006 1,024 ...HR --- "C:WINDOWSsystem32NTIBUN4.dll" Tue 22 Jan 2008 6,219,320 A..H. --- "C:Program FilesPicasa2setup.exe" Wed 23 May 2007 23,040 ...H. --- "C:Documents and SettingsMattias BergstrmDesktop~WRL0005.tmp" Tue 9 Jan 2007 0 A.SH. --- "C:Documents and SettingsAll UsersDRMCacheIndiv01.tmp" Thu 7 Dec 2006 3,096,576 A..H. --- "C:Documents and SettingsMattias BergstrmApplication DataU3tempLaunchpad Removal.exe" Finished!
  9. Good evening! I have now done what you said: installed the new Java according to the instructions, run SDFix and saved a log. I think the issue Norton is warning about is just that the installed update is not a recent one. And since it is not my computer, I will leave it until he comes home. I have also made a new HJT log, which I paste below. Below that I also paste the SDFix log. Then I will try to make a few more posts with the SmitFraudFix log split up. Damn, this computer is going to be healthier than ever after this! Very grateful regards, L
  10. Trying to attach the SmitFraudFix report, but it was too big so I split it up. Regards, Linus
  11. Hi again! ... and thanks again! Now the computer seems to be healthy! You are absolutely awesome. Icons etc. are back and it looks good. ...Admittedly, a box from Norton still pops up at the bottom right sometimes, saying something about 1 issue that needs to be fixed. I don't know whether it came up before as well or whether it is new. It is an old version of Norton, but I will talk to my buddy when he comes home. But I have done another HijackThis analysis, and a SmitFraudFix as I was supposed to. Pasting in the HJT file first: The SMFF report seems to be too long, though. Trying to paste it in a separate reply.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:11:51, on 2008-10-27 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32Ati2evxx.exe C:Program FilesCommon FilesSymantec SharedccSetMgr.exe C:WINDOWSExplorer.EXE C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32spoolsv.exe C:AcerEmpowering TechnologyePerformanceMemCheck.exe C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe C:WINDOWSeHomeehRecvr.exe C:WINDOWSeHomeehSched.exe C:Program FilesCommon FilesLightScribeLSSrvc.exe C:Program FilesNorton AntiVirusnavapsvc.exe C:Program FilesNorton AntiVirusIWPNPFMntor.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32wbemwmiapsrv.exe C:WINDOWSsystem32dllhost.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe C:WINDOWSRTHDCPL.EXE C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe C:AcerEmpowering TechnologyePowerePower_DMC.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:PROGRA~1LAUNCH~1LManager.exe C:AcerEmpowering TechnologyeRecoveryeRAgent.exe C:Program FilesCommon FilesSymantec SharedccApp.exe C:WINDOWSVM305_STI.EXE C:Program FilesJavajre1.6.0_03binjusched.exe C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe C:WINDOWSsystem32rundll32.exe C:Program FilesATI TechnologiesATI.ACECLI.EXE C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:Documents and SettingsMattias BergströmApplication DataAdobePlayer.exe C:WINDOWSsystem32wbemunsecapp.exe C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe C:Program FilesNikonPictureProjectNkbMonitor.exe C:WINDOWSsystem32wuauclt.exe C:WINDOWSsystem32wuauclt.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:Program FilesMessengermsmsgs.exe C:Program FilesTrend MicroHijackThislinus.exe R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/ R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:WINDOWSsystem32eDStoolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton AntiVirusNavShExt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe O4 - HKLM..Run: [iMJPMIG8.1] 
"C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM..Run: [skyTel] SkyTel.EXE O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 1 O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe O4 - HKLM..Run: [boot] C:AcerEmpowering TechnologyePowerBoot.exe O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe" O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe" O4 - HKLM..Run: [bigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe" O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe" O4 - HKLM..Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [Player] C:Documents and SettingsMattias BergströmApplication 
DataAdobePlayer.exe O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000 O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/229?8543bdd187e14a409a4bce25c896c274 O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/230?8543bdd187e14a409a4bce25c896c274 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe -- End of file - 12543 bytes __________________________________
  12. Okay, I almost thought it was something like that. So now I have run SmitFraudFix. The log is at the bottom. But I think I have also done something stupid. Or not. I didn't think about "NOTE: IMPORTANT: Do NOT run any other options until you are asked to do so!" ... and instead installed the anti-malware program that I had earlier seen you recommend to someone else, and ran it. It found a lot of junk, which I then removed. Was that stupid? I got my Start menu and Task Manager back, anyway! Maybe I'm cured? The log, anyway: SmitFraudFix v2.366 Scan done at 12:45:08,73, 2008-10-26 Run from D:SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32Ati2evxx.exe C:Program FilesCommon FilesSymantec SharedccSetMgr.exe C:WINDOWSExplorer.EXE C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32spoolsv.exe C:AcerEmpowering TechnologyePerformanceMemCheck.exe C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe C:WINDOWSeHomeehRecvr.exe C:WINDOWSeHomeehSched.exe C:Program FilesCommon FilesLightScribeLSSrvc.exe C:Program FilesNorton AntiVirusnavapsvc.exe C:Program FilesNorton AntiVirusIWPNPFMntor.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32wbemwmiapsrv.exe C:WINDOWSehomeehtray.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSRTHDCPL.EXE C:WINDOWSeHomeehmsas.exe C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 
C:AcerEmpowering TechnologyePowerePower_DMC.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:PROGRA~1LAUNCH~1LManager.exe C:AcerEmpowering TechnologyeRecoveryeRAgent.exe C:Program FilesCommon FilesSymantec SharedccApp.exe C:WINDOWSVM305_STI.EXE C:Program FilesATI TechnologiesATI.ACECLI.EXE C:Program FilesJavajre1.6.0_03binjusched.exe C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe C:WINDOWSsystem32rundll32.exe C:WINDOWSsystem32dllhost.exe C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:WINDOWSsystem32wbemunsecapp.exe C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe C:Program FilesNikonPictureProjectNkbMonitor.exe C:WINDOWSsystem32wuauclt.exe C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesJavajre1.6.0_03binjucheck.exe C:WINDOWSsystem32wuauclt.exe C:WINDOWSSystem32svchost.exe C:WINDOWSSoftwareDistributionDownloadfd0264849c01086f3c6b505dc02dbd44updateupdate.exe C:Program FilesSymantecLiveUpdateAUpdate.exe C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe C:WINDOWSsystem32cmd.exe C:Program FilesMessengermsmsgs.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! 127.0.0.1 www.legal-at-spybot.info 127.0.0.1 legal-at-spybot.info »»»»»»»»»»»»»»»»»»»»»»»» C: »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS C:WINDOWSvwnskbot.dll FOUND ! 
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32 »»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias Bergstrm »»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsMattias BergstrmApplication Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1MATTIA~1FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDesktopComponents0] "SubscribedURL"="" "FriendlyName"="Privacy Protection" [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDesktopComponents1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, following keys are not inevitably infected!!! AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] "Userinit"="C:WINDOWSsystem32userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport DNS Server Search Order: 192.168.1.1 HKLMSYSTEMCCSServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS1ServicesTcpip..{9110DABF-D8FC-44B7-9484-A7720D4FA007}: DhcpNameServer=192.168.1.1 HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.1 HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  13. Hi Malou! Oh, thank you for your help! My antivirus program, Avira AntiVir, finds viruses in the SmitFraudFix files I have tried to download. Is it perhaps my antivirus program that is being a bit odd?
  14. ********************************************* 2009-01-08: The thread is now locked. If you think it has been locked incorrectly, please contact Malou ********************************************* Hi, I need help getting rid of some kind of virus, worm or the like. I got it when I installed a stupid file that I thought was something harmless on a friend's computer, and now it says "virus alert" all the time and Task Manager is disabled. It's awkward, because I hadn't asked whether I could borrow the computer. After googling a bit I have understood that some people can analyze these hijack log files, and that in this way one can see which files then have to be removed in safe mode. Have I understood correctly that you then just go into safe mode and delete these files from the system folder or similar? I have also read that the automatic analyzers that exist are not very reliable, and that it is always best to get some expert help. So I thought I would try asking you for that help. I have followed the instructions for how to install/use hijack. Thanks in advance! 
Here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39: VIRUS ALERT!, on 2008-10-26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32Ati2evxx.exe C:Program FilesCommon FilesSymantec SharedccSetMgr.exe C:WINDOWSExplorer.EXE C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe C:WINDOWSsystem32spoolsv.exe C:AcerEmpowering TechnologyePerformanceMemCheck.exe C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe C:WINDOWSeHomeehRecvr.exe C:WINDOWSeHomeehSched.exe C:Program FilesCommon FilesLightScribeLSSrvc.exe C:Program FilesNorton AntiVirusnavapsvc.exe C:Program FilesNorton AntiVirusIWPNPFMntor.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32wbemwmiapsrv.exe C:WINDOWSehomeehtray.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSRTHDCPL.EXE C:WINDOWSeHomeehmsas.exe C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe C:AcerEmpowering TechnologyePowerePower_DMC.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:PROGRA~1LAUNCH~1LManager.exe C:AcerEmpowering TechnologyeRecoveryeRAgent.exe C:Program FilesCommon FilesSymantec SharedccApp.exe C:WINDOWSVM305_STI.EXE C:Program FilesATI TechnologiesATI.ACECLI.EXE C:Program FilesJavajre1.6.0_03binjusched.exe C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe C:WINDOWSsystem32rundll32.exe C:WINDOWSsystem32dllhost.exe C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe 
C:Documents and SettingsMattias BergströmApplication DataAdobePlayer.exe C:WINDOWSsystem32wbemunsecapp.exe C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe C:Program FilesNikonPictureProjectNkbMonitor.exe C:WINDOWSsystem32wuauclt.exe C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesATI TechnologiesATI.ACEcli.exe C:Program FilesJavajre1.6.0_03binjucheck.exe C:WINDOWSsystem32msiexec.exe C:Program FilesMessengermsmsgs.exe C:Program FilesTrend MicroHijackThislinus.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.hotmail.com/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://sv.intl.acer.yahoo.com/ R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: QXK Olive - {156A3BCD-1A0B-4C53-9610-CB487AFF4A8E} - C:WINDOWSaetlsrknavf.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:SPYBOT~1SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton AntiVirusNavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.1.807.1746swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:WINDOWSsystem32eDStoolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton AntiVirusNavShExt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll O3 - Toolbar: bkqxdons - {EC21D037-F4B2-477B-8D46-BA927BDD5EA9} - C:WINDOWSbkqxdons.dll O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe O4 - HKLM..Run: [AzMixerSel] 
C:Program FilesRealtekInstallShieldAzMixerSel.exe O4 - HKLM..Run: [ntiMUI] C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe O4 - HKLM..Run: [Acer ePresentation HPD] C:AcerEmpowering TechnologyePresentationePresentation.exe O4 - HKLM..Run: [iMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM..Run: [skyTel] SkyTel.EXE O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe 1 O4 - HKLM..Run: [ePower_DMC] C:AcerEmpowering TechnologyePowerePower_DMC.exe O4 - HKLM..Run: [boot] C:AcerEmpowering TechnologyePowerBoot.exe O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe" O4 - HKLM..Run: [eRecoveryService] C:AcerEmpowering TechnologyeRecoveryeRAgent.exe O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe" O4 - HKLM..Run: [bigDog305] C:WINDOWSVM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe" O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe" O4 - HKLM..Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [YUR8.exe] C:Windowssystem32YUR8.exe O4 - HKLM..Run: [YUR9.exe] C:Windowssystem32YUR9.exe O4 - HKLM..Run: [YURB.exe] C:Windowssystem32YURB.exe O4 - HKLM..Run: [YURC.exe] C:Windowssystem32YURC.exe O4 - HKLM..Run: [YUR2.exe] C:Windowssystem32YUR2.exe O4 - 
HKLM..Run: [YUR1.exe] C:Windowssystem32YUR1.exe O4 - HKLM..Run: [YUR3.exe] C:Windowssystem32YUR3.exe O4 - HKLM..Run: [YUR4.exe] C:Windowssystem32YUR4.exe O4 - HKLM..Run: [symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll" O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [Player] C:Documents and SettingsMattias BergströmApplication DataAdobePlayer.exe O4 - HKCU..Run: [YUR8.exe] C:Windowssystem32YUR8.exe O4 - HKCU..Run: [YUR9.exe] C:Windowssystem32YUR9.exe O4 - HKCU..Run: [YURB.exe] C:Windowssystem32YURB.exe O4 - HKCU..Run: [YURC.exe] C:Windowssystem32YURC.exe O4 - HKCU..Run: [YUR2.exe] C:Windowssystem32YUR2.exe O4 - HKCU..Run: [YUR1.exe] C:Windowssystem32YUR1.exe O4 - HKCU..Run: [YUR3.exe] C:Windowssystem32YUR3.exe O4 - HKCU..Run: [YUR4.exe] C:Windowssystem32YUR4.exe O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM') O4 - HKUSS-1-5-18..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user') O4 - Global Startup: Acer Empowering Technology.lnk = C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: NkbMonitor.exe.lnk = C:Program FilesNikonPictureProjectNkbMonitor.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1 O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000 O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/229?8543bdd187e14a409a4bce25c896c274 O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:Program FilesWindows Live ToolbarComponentssv-semsntabres.dll.mui/230?8543bdd187e14a409a4bce25c896c274 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:SPYBOT~1SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:SPYBOT~1SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 
'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll O21 - SSODL: vwnskbot - {7A7504D3-036F-4CF8-A68A-E03AB0D2FFF5} - C:WINDOWSvwnskbot.dll O21 - SSODL: qnflkotm - {51B889A7-82FD-420D-BBC9-7B02C84B8293} - C:WINDOWSqnflkotm.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:AcerEmpowering TechnologyePerformanceMemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- c:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirusnavapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe O24 - Desktop Component 0: Privacy Protection - file:///C:WINDOWSprivacy_dangerindex.htm -- End of 
file - 14813 bytes